Cyber Incident Victim: LIHKG

In August 2019, the Chinese government-operated Great Cannon tool was deployed to conduct distributed denial-of-service (DDoS) attacks against LIHKG.com, a Hong Kong-based online forum. The attacks overwhelmed the platform with over 1.5 billion requests per hour, significantly disrupting its operations. This offensive marked the first confirmed reactivation of the Great Cannon since its 2017 use against Mingjingnews.com. The tool functioned by intercepting internet traffic destined for Chinese-hosted websites and injecting malicious JavaScript code into the data streams. Technical analysis by AT&T Cybersecurity confirmed the August 2019 attacks employed JavaScript nearly identical to that observed in the 2017 incidents. The timing coincided with ongoing pro-democracy protests in Hong Kong, where LIHKG had become a primary coordination hub for organizers to share logistical information and mobilization plans.

The sustained DDoS campaign against LIHKG represented a resurgence of China's infrastructure-based censorship tool after two years of dormancy. Historical precedents included the Great Cannon's 2015 attacks against GitHub and GreatFire.org, which had established its capability to weaponize internet traffic at national scale. The 2019 attack's technical signature matched previous state-sponsored operations, though such deployments remained uncommon. LIHKG's prominence as a protest coordination platform during the Hong Kong demonstrations made it a strategic target for disruption. While the article does not specify mitigation measures taken by LIHKG administrators, the documented attack volume indicated severe operational impacts requiring substantial defensive resources. The incident reaffirmed the Great Cannon's continued role in China's cyber operations arsenal against perceived domestic threats.